Ah, that's it. My conntrack entries are full and temporarily increasing it resolves the problem.
What would be a reasonable conntrack limit for a tor exit?

On Thu, Jan 18, 2018 at 10:45 PM nusenu <nusenu-li...@riseup.net> wrote:

>
>
> Quintin:
> >> Do you reach your server's conntrack limit?
> >
> > The word conntrack never appears in my logs, so I don't think it's that.
> > The ISP also requires this from tor exits: net.netfilter.nf_conntrack_max = 10000
>
> How many conntrack entries do you actually have when you get
> sendto failed: Operation not permitted
> log entries?
>
> sysctl net.netfilter.nf_conntrack_count
> or
> cat /proc/sys/net/netfilter/nf_conntrack_count
>
> Regardless of whether this is the root-cause or not,
> nf_conntrack_max = 10k is probably too low for an exit relay.
>
> If nf_conntrack_count is near nf_conntrack_max, does the problem
> go away when you temporarily increase nf_conntrack_max?
>
> --
> https://mastodon.social/@nusenu
> twitter: @nusenu_
>
>
--
0101100101000001010010000101011101000101010010000010000001000010
0100110001000101010100110101001100100000010110010100111101010101
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
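
The check described in the quoted message (compare nf_conntrack_count with nf_conntrack_max), written as an added example that is not part of the original thread. The function names, the NF_DIR override and the 90% default threshold are assumptions made for illustration, not values recommended by anyone in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and NF_DIR are hypothetical.
# NF_DIR can point at constructed files so the functions can be tried offline.
NF_DIR="${NF_DIR:-/proc/sys/net/netfilter}"

# Print "count max percent" for the conntrack table; return 2 if unreadable.
conntrack_usage() {
    dir="${1:-$NF_DIR}"
    if [ ! -r "$dir/nf_conntrack_count" ] || [ ! -r "$dir/nf_conntrack_max" ]; then
        echo "conntrack sysctls not readable in $dir" >&2
        return 2
    fi
    count=$(cat "$dir/nf_conntrack_count")
    max=$(cat "$dir/nf_conntrack_max")
    if [ "$max" -le 0 ]; then return 2; fi
    echo "$count $max $((count * 100 / max))"
}

# Return 1 (and warn) when usage is at or above THRESHOLD percent, else 0.
conntrack_check() {
    threshold="${1:-90}"   # illustrative default, not a value from the thread
    usage=$(conntrack_usage "${2:-$NF_DIR}") || return 2
    set -- $usage          # $1=count $2=max $3=percent
    if [ "$3" -ge "$threshold" ]; then
        echo "WARN conntrack $1/$2 ($3%) at or above ${threshold}%"
        return 1
    fi
    echo "OK conntrack $1/$2 ($3%)"
}

# Sample SAMPLES times, INTERVAL seconds apart, and print the peak entry count,
# so a spike between manual checks is not missed.
conntrack_peak() {
    samples="$1"; interval="$2"; dir="${3:-$NF_DIR}"
    peak=0; i=0
    while [ "$i" -lt "$samples" ]; do
        usage=$(conntrack_usage "$dir") || return 2
        set -- $usage
        if [ "$1" -gt "$peak" ]; then peak=$1; fi
        i=$((i + 1))
        if [ "$i" -lt "$samples" ]; then sleep "$interval"; fi
    done
    echo "$peak"
}
```

Source the file on the relay and run `conntrack_check 90` from cron or a monitoring agent, or `conntrack_peak 60 5` while the `sendto failed` errors are occurring.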